Solved: How to extract time format using rex? "Transaction...

karthi2809 · ‎12-18-2017

How to extract time format using rex ?

TransactionStartTime=12/19/2017 06:23:35.474;

mayurr98 · ‎12-18-2017

if you to extract this as your event time then put below in props.conf

[your_sourcetype]
TIME_PREFIX = TransactionStartTime=
TIME_FORMAT = %m/%d/%y %H:%M:%S.%3N

If you want to extract it in a field called "TransactionStartTime"

index=your_index | rex field=_raw "TransactionStartTime=(?P<TransactionStartTime>\d{2}\/\d{2}\/\d{4}\s\d{2}:\d{2}:\d{2}\.\d{3})"

Let me know if this helps!

mayurr98 · ‎12-18-2017

if you to extract this as your event time then put below in props.conf

[your_sourcetype]
TIME_PREFIX = TransactionStartTime=
TIME_FORMAT = %m/%d/%y %H:%M:%S.%3N

If you want to extract it in a field called "TransactionStartTime"

index=your_index | rex field=_raw "TransactionStartTime=(?P<TransactionStartTime>\d{2}\/\d{2}\/\d{4}\s\d{2}:\d{2}:\d{2}\.\d{3})"

Let me know if this helps!

karthi2809 · ‎12-18-2017

Thanks you mayurr98

How to extract time format using rex? "TransactionStartTime=12/19/2017 06:23:35.474"